
Auditing of registry key HKEY_LOCAL_MACHINE\SYSTEM must meet minimum requirements.


Overview

Finding ID: V-36726
Version: WN08-GE-000006-02
Rule ID: SV-48375r1_rule
IA Controls: ECAR-3
Severity: Medium
Description
Improper modification of the registry can render a system useless. Modifications to the registry can have a significant impact on the security configuration of the system. Auditing of significant modifications made to the registry provides a method of determining the responsible party.
STIG: Windows 8 Security Technical Implementation Guide
Date: 2013-02-15

Details

Check Text (C-45044r1_chk)
Verify system level auditing of object access is properly configured (see V-26545 "Object Access - Registry"). If this is not configured to audit "Failure", this requirement is a finding.

Verify detailed registry auditing is configured:
Run "Regedit".
Navigate to "HKEY_LOCAL_MACHINE\SOFTWARE".
On the menu bar, select "Edit" then "Permissions".
Click on the "Advanced" button.
Select the "Auditing" tab.
Verify the following is configured.
Type - Fail
Name - Everyone
Access - Full Control
Apply to - This key and subkeys

If the "Everyone" group, at a minimum, is not being audited for all Failures, this is a finding.
Fix Text (F-41506r1_fix)
Configure "HKEY_LOCAL_MACHINE\SYSTEM" to audit the Everyone Group for all Failures. Propagate audit settings to subkeys.
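
The Check Text above can be scripted. The following PowerShell is an added example, not part of the STIG: the function names are hypothetical, and it assumes an elevated session and English-language auditpol output. It checks HKEY_LOCAL_MACHINE\SYSTEM, the key named in the rule title and Fix Text.

```powershell
# Added example: scripted form of the Check Text. Run elevated; reading a
# SACL requires SeSecurityPrivilege, which an administrator session holds.

function Test-RegistrySubcategoryFailure {
    # System-level check: the "Object Access - Registry" subcategory must audit Failure.
    # /r emits CSV; "Inclusion Setting" reads e.g. "Failure" or "Success and Failure".
    # Assumption: English subcategory and column names (they are localized).
    $row = auditpol.exe /get /subcategory:"Registry" /r | ConvertFrom-Csv
    return [bool]($row.'Inclusion Setting' -match 'Failure')
}

function Test-RegistryFailureAudit {
    param([string]$KeyPath = 'HKLM:\SYSTEM')

    # Get-Acl -Audit includes the SACL (audit entries) in the returned descriptor.
    $acl = Get-Acl -Path $KeyPath -Audit

    # Translate identities to SIDs so the match does not depend on localized names.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = $acl.GetAuditRules($true, $true, $sidType)

    $ns   = 'System.Security.AccessControl'
    $full = [System.Security.AccessControl.RegistryRights]::FullControl
    $fail = [Enum]::Parse([type]"$ns.AuditFlags", 'Failure')
    $ci   = [Enum]::Parse([type]"$ns.InheritanceFlags", 'ContainerInherit')
    $io   = [Enum]::Parse([type]"$ns.PropagationFlags", 'InheritOnly')

    # An entry satisfies the check when it is for Everyone (S-1-1-0), audits
    # Failure (Type: Fail), covers Full Control, and applies to this key and
    # subkeys (ContainerInherit set, InheritOnly not set). Extra flags such as
    # Success auditing do not cause a finding.
    $hits = @($rules | Where-Object {
        ($_.IdentityReference.Value -eq 'S-1-1-0') -and
        ($_.AuditFlags -band $fail) -and
        (($_.RegistryRights -band $full) -eq $full) -and
        ($_.InheritanceFlags -band $ci) -and
        (-not ($_.PropagationFlags -band $io))
    })
    return ($hits.Count -gt 0)
}

$policyOk = Test-RegistrySubcategoryFailure
$saclOk   = Test-RegistryFailureAudit -KeyPath 'HKLM:\SYSTEM'
[pscustomobject]@{
    SubcategoryAuditsFailure = $policyOk
    KeySaclAuditsEveryone    = $saclOk
    Finding                  = -not ($policyOk -and $saclOk)
}
```

Pass a different -KeyPath to run the same SACL test against another hive.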